1. Field of the Invention
This invention relates generally to computer systems, particularly computer systems which access or are accessible by other computer system, and to methods of controlling access to the accessed computer system. Specifically this invention relates to methods for recognizing valid computer service providers who are requesting access to a local or a remote computer system. More specifically this invention relates to methods and the technology for validating access to a local or a remote computer access providers. When used in combination with a remotely accessible digital computer, this invention serves to provide an means for allowing validated service providers to register for receiving service requests, thereby allow access to computer systems, software and utilities that are proprietary. For the purposes of this patent application, computer system is defined as one or more computational devices, employing processing units and methods of communicating data between such processing units. Such a computer system may be a single "stand-alone" computational device or a "network" of more than one computational device connected over electrical lines, optical signals, phone lines or any other method well know in the art as a method of communicating between computer systems.
Providing a method for validating a computer system service provider software module that requires registration with a system of either computer software or computer hardware, provides a useful technique for protecting the proprietary rights of the owner of the accessed computer system, without requiring the inconvenience and expense of digital signatures and/or hardware keys.
2. Description of Related Art
Various approaches are widely used to control access to computer systems, software and databases. Some well known approaches include: digital signatures, hardware keys, and proprietary interfaces. Digital signatures involve using an encryption algorithm, or key, to build a checksum and then attaches that checksum to the software module. Modules that have been tampered with or which have not correctly built the checksum because they do not have the authorized encryption key are rejected and are not allowed to link with the system. Hardware keys use a pair of encryption keys. One of which is contained within the software and the second is provided in a hardware module. The hardware module usually attaches to the computer system parallel port. The system only permits access if both the software keys and the hardware keys combine to produce an expected result. A proprietary interface is typically designed such that for an unauthorized module to attach, it must be carefully and correctly reverse engineered. Generally, such proprietary interfaces are non-trivial to reverse engineer and, furthermore, are protected by contract, making it a breach of contract to reverse engineer or to permit reverse engineering of the proprietary interface.
Other approaches described in the related art include the following: a digital key device which operates in combination with a conventional lock and a digital computer for providing a secondary security device; a personal identification encryption device; a hierarchical key management system for controlling access to secure computer terminals and networks; a hardware device, containing a key, to be plugged into a computer port which in combination a second key contained within software is used to prevent unauthorized use of software; a protocol for authenticating a cellular telephone to a service provider for the purpose of preventing piracy of cellular services, a data processing system for managing a public key cryptographic system involving both a public key and a private key, a crypto graphically linked authentication token for providing a means of identification of messages sent over data networks, a method for simultaneously executing one or more computer application programs in one or more host computer systems including a method of identifying the source computer, a method for determining whether a user is authorized to use a data communication network, a method and system for replicating a cryptographic facility in a public key crypto system, a computerized system including a method for managing the subscription of players into games of chance, a distributed computer system having a number of computers each using a information for identifying other computers for executing received commands, a network communications system, a method for key-management use with Internet protocols at site firewalls, a method for protecting the confidentiality of passwords in a distributed data processing system, a system and method for computer data transmission that may include password data, a system for software registration using unique registration numbers, a method of securing electronic voting, a programmable distributed personal security device, a method of providing communications services between multiple processes, including allowing the processes to register as a part of a distributed context, a method for a key-management scheme for Internet protocols, and a secure payment method.
This invention provides several important advantages over the prior approaches, including but not limited exclusively to: the overhead of digital signing is unnecessary, the separate and costly hardware key is not needed, the interface need not be treated as proprietary and therefore can be tried and tested before requiring the purchase of a license. Furthermore, this invention is designed to meed the unique requirements of computer services, software and/or developers in controlling access specifically to computer systems and computer software modules.
For general background material, the reader is directed to U.S. Pat. Nos. 3,790,957, 4,870,683, 4,885,779, 4,888,801, 5,081,676, 5,153,919, 5,200,999, 5,226,079, 5,228,137, 5,261,070, 5,265,164, 5,280,426, 5,287,537, 5,377,191, 5,416,842, 5,418,854, 5,473,691, 5,490,216, 5,495,532, 5,497,421, 5,533,123, 5,544,316, 5,588,060, and 5,590,196 each of which is hereby incorporated by reference in its entirety for the material disclosed therein.